What is a risk model?

Your definition will affect your future

Financial services firms use multiple models to meet a variety of regulatory and financial reporting standards (such as IFRS 9, CECL and Basel guidelines). With increased scrutiny on model risk, bankers must establish a model risk management program for regulatory compliance and business benefits.

Is a calculation a model? Is a spreadsheet a model? Is the computer-based implementation of a mathematical solution to a problem a model? These are questions that rest heavily on the minds of bankers these days. Why, you ask?

The answer is found in regulatory guidance from the US and Europe on model risk management. If you are a banker, depending on your definition of what constitutes a model, you may or may not need to do some extra work to comply with evolving regulations and guidelines.

Models are useful things to have around and bankers have come to rely on them for certain applications, some of which expose the bank to significant risks. Predictive models fall into this category. Examples include loan approval using credit scoring and hedging models using swaps and options to manage the balance sheet while protecting liquidity and determining capital adequacy.

Validity and governance

The models must be scrutinised and challenged by staff members who are not involved in their development or use. Fundamentally, these model validators must determine whether a given model is fit for the purpose intended. They must understand the business environment and the business objectives the models were designed to support. They must also gauge the uncertainty due to unobservable or unreliable inputs.

And let's not forget about usage. Models that are perfectly developed and implemented can be applied to the wrong customers, financial instrument or set of transactions. Validators must carefully examine these areas, again keeping in mind the business context, as they perform their assessments.

Banks must develop and maintain effective model governance. Doing so entails the creation of a model risk management framework that includes: clear vision articulated from executive management; risk appetite; a testing regimen and validation process; a clear definition of roles, responsibilities and resource needs; and documentation. An inventory of models should also be maintained and sufficient resources allocated to ensure models are understood, the risk exposures they represent are quantified for present and future operation, and all models and their input data and key underlying assumptions are continuously verified and properly managed and maintained.

From the top down

This is a tall order, and it rightfully involves the board of directors and executive management, who must establish and direct an enterprise-wide model risk management (MRM) program. How can directors decide on the proper allocation of resources to MRM? Much of the answer is coming from the regulators these days, but practicalities and experience will ultimately dictate what is truly necessary and what constitutes a waste of time.

Bankers need to have a robust model risk framework that promotes consistent MRM standards across the firm. What would that look like? It must:

  • Be efficient.
  • Report on the entire program (aggregate as well as detailed performance measures from the bottom up).
  • Establish appropriate limits on model risk.
  • Perform stress testing, incorporating extreme use cases.
  • Facilitate risk mitigation and measurement of model risk before and after mitigation.
  • Measure residual model risk based on model performance and traced to risk sources.

The clock is ticking

Overall model complexity is on the increase, and banks are taking greater model risks because of their increasing reliance and expanded use of models. This trend will likely continue, fueled by greater computer processing power, more sophisticated and powerful business solution software, the pace of change in business, and the ever-present pressure for better and faster decisions.

Technology is an important partner in regulatory compliance, and it connects model risk reduction to tangible business benefits. SAS solutions and tools provide transparency into the modeling process, options elected, assumptions made and results obtained - all in an intuitive and thoroughly documented computing environment.

Time is running short and regulatory expectations are high. Are you ready?

For more information on model risk, attend this GARP Webcast where our experts will explain how to organise a model inventory in a repeatable and auditable fashion. They will also discuss how to build out a robust model risk management platform by fostering collaboration among model owners, developers, users, validators and internal audit teams.


serious man working at computer

Download our free paper

Managing Models and Their Risks is a report from GARP and SAS that explores the benefits – as well as the operational and enterprise risks – of models. Learn how to address new challenges and increase your risk management effectiveness as you rely on increasingly sophisticated models to keep pace with a fast-evolving landscape.

5 questions you should ask about your MRM strategy:

  1. Have you established a definition of a model?
  2. Do you have a complete inventory of models to show your regulator?
  3. Can you quantify the exposure each model represents?
  4. How confident are you that you have sufficient controls in place to manage the risks?
  5. Have you established, and has your board approved, an MRM framework?
  6. In the aggregate, how much of your institution's capital could be wiped out due to bad or misused models?